This beginner-friendly guide shows how to manage a remote Debian server from a Windows PC using Windows Subsystem for Linux (WSL). You’ll set up SSH keys, connect securely, and install software like Microsoft SQL Server (MSSQL).
- Prerequisites
- SSH (secure connection with your server)
- Create a non-privileged user (on the server)
- Install software on the server
- A Windows system with administrator rights.
- A Debian 12 server (remote) with at least 4 GB RAM.
Placeholders used below—replace with your details:
- 12.34.56.78 → your server IP or DNS name
- user → your Linux username on the server (avoid using root when possible)
- newusername → other user Linux username on the server
Note: Get a powerfull server from contabo at low price. (https://contabo.com/en/)
Open PowerShell as Administrator and install Debian in WSL.
Run in: Windows PowerShell (Admin)
wsl --install -d DebianMake sure your Debian (inside WSL) is up to date.
Run in: WSL (Debian)
sudo apt update
sudo apt upgradewe need the ssk-keygen and ssh commands.
sudo apt install -y openssh-clientThese aliases make SSH and key generation simpler.
Run in: WSL (Debian)
nano ~/.bash_aliases# Adding convenience aliases to ~/.bash_aliases
# Set your email address for SSH key comment
SSHKEYGEN_EMAIL_ADDRESS="user@example.com"
# Set default SSH key file location
SSH_KEY_FILE="$HOME/.ssh/id_rsa"
# Alias for generating SSH keys
alias generate-ssh-key='ssh-keygen -t rsa -b 4096 -C "$SSHKEYGEN_EMAIL_ADDRESS" -f "$SSH_KEY_FILE" -N ""'
# Alias for server SSH connection
# Replace 'user' with your actual username on the server
# Replace '12.34.56.78' with your server's IP address
alias ssh-connect-myserver='ssh -i "$SSH_KEY_FILE" user@12.34.56.78'
alias ssh-connect-myserver-root='ssh -i "$SSH_KEY_FILE" root@12.34.56.78'
alias myserver-tunnel='ssh -L 1433:localhost:1433 user@12.34.56.78'
# Add more aliases as neededAfter saving, reload your shell to activate the aliases (or open a new WSL terminal):
Run in: WSL (Debian)
source ~/.bashrc || source ~/.profile || trueBelow is a step-by-step explanation of how to set up SSH key-based authentication for passwordless server access:
- Generate SSH key pair
This command creates a new SSH key pair (private and public key) for secure authentication:
generate-ssh-key
-
Test SSH connection This command checks if you can connect to your server as root using SSH:
ssh-connect-myserver-root
-
Copy public key to server This command appends your public key to the server's list of authorized keys, enabling passwordless login:
cat ~/.ssh/id_rsa.pub | ssh-connect-myserver-root "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
-
Connect with SSH key Now you can connect to the server without entering a password:
ssh-connect-myserver-root
-
Connect Server Connect to the server (should no longer prompt for a password if keys are set up):
ssh-connect-myserver-root
-
Get sudo packages
sudostands for "superuser do" and allows a regular (non-root) user to run commands with administrative (root) privileges. This is safer than logging in as root, because you only use elevated permissions when needed. For installation do:'apt-get install -y sudo'
After installing, you can add users to the sudo group so they can run admin commands safely.
- Create user
Add as many users as you need (replace newusername):
adduser newusername
Run in: WSL (Debian) where newusername are login and had created a ssh key by ssh-keygen command
2. Each user needs to copy public key to server
bash cat ~/.ssh/id_rsa.pub | ssh newusername@12.34.56.78 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
-
Optional: Give a user sudo privileges At least one user should have sudo privileges so we can close access for root through ssh.
usermod -aG sudo newusername
Debian uses nftables as its firewall system. Here’s how to reset the firewall, allow only SSH (port 22), and make the rules persistent:
This ensures you start with a clean slate (run as root or with sudo):
sudo systemctl stop nftables || true
sudo nft flush rulesetCreate a new table and chain, set default policy to drop, and allow only SSH:
sudo nft add table inet filter
sudo nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }
sudo nft add rule inet filter input iifname "lo" accept
sudo nft add rule inet filter input ct state established,related accept
sudo nft add rule inet filter input tcp dport 22 acceptSave the current ruleset so it loads on boot:
sudo nft list ruleset | sudo tee /etc/nftables.conf > /dev/null
sudo systemctl enable nftables
sudo systemctl start nftablesNow, only port 22 (SSH) is accessible from outside. All other incoming connections are blocked by default.
Below is a step-by-step explanation of how to set up the MSSQL Server repository on your Debian server. Run these commands on the server (over SSH). Use sudo with a non-root user.
-
Install required dependencies These packages are needed to securely download and manage repositories and keys:
sudo apt install -y gnupg2 apt-transport-https wget curl
-
Download and add the Microsoft GPG key This command downloads the official Microsoft signing key and converts it to a format usable by Debian/Ubuntu:
curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | \ gpg --dearmor | sudo tee /usr/share/keyrings/microsoft.gpg > /dev/null 2>&1
-
Add the MSSQL Server repository This command adds the Microsoft SQL Server repository for Ubuntu 22.04 to your Debian system. This is necessary because Microsoft does not provide a native Debian package:
echo "deb [arch=amd64,arm64,armhf signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/ubuntu/22.04/mssql-server-2022 jammy main" | \ sudo tee /etc/apt/sources.list.d/mssql-server-2022.list > /dev/null
-
Update package index This command refreshes the list of available packages and their versions, ensuring you get the latest version when installing:
sudo apt update
-
Install MSSQL Server This command installs the Microsoft SQL Server package using the repository you added earlier:
sudo apt-get install -y mssql-server
-
Run initial MSSQL configuration This command starts the setup wizard for MSSQL Server, allowing you to choose edition, set the SA password, and configure other options:
sudo /opt/mssql/bin/mssql-conf setup
-
Check MSSQL Server status This command verifies that the MSSQL Server service is running correctly:
sudo systemctl status mssql-server --no-pager
To securely access your MSSQL server from a Windows client, you can use SSH tunneling. This allows you to forward a local port on your Windows machine to the remote MSSQL port (default 1433) on your Debian server, without exposing the database port directly to the internet.
If you want to allow only local connections (recommended for SSH tunneling), allow traffic on port 1433 for localhost only:
sudo nft add rule inet filter input ip saddr 127.0.0.1 tcp dport 1433 accept
sudo nft list ruleset | sudo tee /etc/nftables.conf > /dev/nullOn your Windows machine, use PowerShell or Command Prompt to create an SSH tunnel. This forwards your local port 1433 to the remote server's port 1433:
ssh -L 1433:localhost:1433 user@your-server-ipReplace user with your server username and your-server-ip with the server's IP address. Leave this terminal open while you need the tunnel.
Alternative (from WSL): if you added the alias earlier, you can run:
Run in: WSL (Debian)
myserver-tunnelIn your SQL client (e.g., SSMS, Azure Data Studio), connect to localhost,1433 as the server name. The connection will be securely tunneled to your Debian server.
Note:
- Make sure the SSH port (default 22) is open on your server.
- The MSSQL service must be running and listening on port 1433 (default).